Solo.io, in collaboration with Google, is launching a platform to simplify the deployment and management of the open source Istio service mesh.
Brian Gracely, vice president of product management for Solo.io, says Istio Ambient Mesh will provide a lighter-weight alternative to the existing management framework based on container sidecars that IT teams employ today to deploy and manage Istio on Kubernetes clusters.
The Istio Ambient Mesh, available in beta, provides a control plane alternative that can be deployed using either container sidecars or as a process within Istio that enables proxy functionality to be pushed down to the node level, he adds.
That capability will also improve the overall performance of the Istio service mesh while simultaneously reducing the amount of compute and memory resources required by a factor of 10 to 20, he said. There is no loss of platform or policy management capabilities, no loss of application-specific security and application offload capabilities and no need for IT teams to learn an additional programming language, notes Gracely.
That approach enables greater flexibility for microservices-based applications running in a multitenant Kubernetes environment that do not always require full Layer 7 services from the service mesh, notes Gracely. In addition, security policies can be implemented in a way that delivers full Layer 7 security inspection, he says.
Finally, a more modular architecture will, over time, make it easier to update instances of Istio but also add additional functionality to the Istio service mesh, he adds.
Solo.io is currently making Istio Ambient Mesh available as a tech preview in Gloo Mesh and plans to make it generally available as part of the forthcoming Solo.io Gloo Mesh 2.1 platform.
The overall goal is to make Istio more accessible to a wider range of enterprise IT organizations, says Gracely. The Istio service mesh has been offered to the Cloud Native Computing Foundation (CNCF), which oversees the development of Kubernetes alongside multiple other service mesh platforms.
Service meshes initially emerged as a way to manage APIs at scale instead of relying on proxy software or an API gateway alone. More recently, IT organizations have started to appreciate the programmable layer of abstraction that a service mesh creates above lower-level networking and security interfaces. That layer of abstraction makes those underlying services more accessible to developers.
Competition between service mesh platforms revolves around two core issues. Service meshes like Linkerd are considerably lighter-weight than, for example, Istio. That makes them simpler for a developer to implement. Istio’s advocates argue that it’s only a matter of time before enterprise IT organizations will need the richer set of capabilities their preferred service mesh enables. Of course, the more robust the feature set of a service mesh, the more likely it is to require an IT operations team that has been trained to implement and manage it. Regardless of approach, however, one thing that is clear is that service meshes will soon fundamentally change the way IT is managed.